<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <TITLE>BIND zone Statement</TITLE> </HEAD> <BODY> <H2>BIND Configuration File Guide--<CODE>zone</CODE> Statement</H2> <HR> <A NAME="Syntax"><H3>Syntax</H3></A> <PRE> zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] { type master; file <VAR><A HREF="docdef.html">path_name</A></VAR>; [ forward ( only | first ); ] [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ] [ check-names ( warn | fail | ignore ); ] [ allow-update { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ] [ allow-query { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ] [ allow-transfer { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ] [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] [ notify (<VAR><A HREF="docdef.html">yes_or_no</A></VAR> | explicit ); ] [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] }; ] [ ixfr-base <VAR><A HREF="docdef.html">path_name</A></VAR>; ] [ pubkey <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ] }; zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] { type ( slave | stub ); [ file <VAR><A HREF="docdef.html">path_name</A></VAR>; ] [ ixfr-base <VAR><A HREF="docdef.html">path_name</A></VAR>; ] masters [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR><A HREF="docdef.html">ip_addr</A></VAR> [key <VAR><A HREF="key.html">key_id</A></VAR>]; [ ... ] }; [ forward ( only | first ); ] [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ] [ check-names ( warn | fail | ignore ); ] [ allow-update { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ] [ allow-query { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ] [ allow-transfer { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ] [ transfer-source <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ] [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] [ max-transfer-time-in <VAR>number</VAR>; ] [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] }; ] [ pubkey <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ] }; zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] { type forward; [ forward ( only | first ); ] [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ] [ check-names ( warn | fail | ignore ); ] }; zone "." [ ( in | hs | hesiod | chaos ) ] { type hint; file <VAR><A HREF="docdef.html">path_name</A></VAR>; [ check-names ( warn | fail | ignore ); ] }; </PRE> <HR> <A NAME="Usage"><H3>Definition and Usage</H3></A> <H4>Zone Types</H4> <DL> <DT><CODE>master</CODE> <DD> The server has a master copy of the data for the zone and will be able to provide authoritative answers for it. <DT><CODE>slave</CODE> <DD> A <CODE>slave</CODE> zone is a replica of a master zone. The <CODE>masters</CODE> list specifies one or more IP addresses that the slave contacts to update its copy of the zone. If a <CODE>port</CODE> is specified then checks to see if the zone is current and zone transfers will be done to the port given. If <CODE>file</CODE> is specified, the replica will be written to this file whenever the zone is changed, and reloaded from this file on a server restart. Use of <CODE>file</CODE> is recommended, since it often speeds server startup and eliminates a needless waste of bandwidth. Note that for large numbers (in the tens or hundreds of thousands) of zones per server, it is best to use a two level naming scheme for zone file names. For example, a slave server for the zone <CODE>vix.com</CODE> might place the zone contents into a file called <CODE>"vi/vix.com"</CODE> where <CODE>vi/</CODE> is just the first two letters of the zone name. (Most operating systems behave very slowly if you put 100K files into a single directory.) <DT><CODE>stub</CODE> <DD> A <CODE>stub</CODE> zone is like a slave zone, except that it replicates only the NS records of a master zone instead of the entire zone. <DT><CODE>forward</CODE> <DD> A <CODE>forward</CODE> zone is used to <A HREF="options.html#Forwarding"> direct all queries</A> in it to other servers. The specification of options in such a zone will override any global options declared in the <A HREF="options.html#Forwarding">options</A> statement. <P>If either no <CODE>forwarders</CODE> statement is present in the zone or an empty list for <CODE>forwarders</CODE> is given, no forwarding will be done for the zone, cancelling the effects of any <CODE>forwarders</CODE> in the <CODE>options</CODE> statement. Thus if you want to use this type of zone to change the behavior of the global <CODE>forward</CODE> option, and not the servers used, you also need to respecify the global forwarders. <DT><CODE>hint</CODE> <DD> The initial set of root nameservers is specified using a <CODE>hint</CODE> zone. When the server starts up, it uses the root hints to find a root nameserver and get the most recent list of root nameservers. </DL> <P>Note: previous releases of BIND used the term <EM>primary</EM> for a master zone, <EM>secondary</EM> for a slave zone, and <EM>cache</EM> for a hint zone.</P> <H4>Class</H4> <P>The zone's name may optionally be followed by a class. If a class is not specified, class <CODE>in</CODE> (for "internet"), is assumed. This is correct for the vast majority of cases. <P>The <CODE>hesiod</CODE> class is for an information service from MIT's Project Athena. It is used to share information about various systems databases, such as users, groups, printers and so on. More information can be found at <A HREF="ftp://athena-dist.mit.edu/pub/ATHENA/usenix/athena_changes.PS">MIT</A>. The keyword <CODE>hs</CODE> is a synonym for <CODE>hesiod</CODE>.</P> <P>Another MIT development was CHAOSnet, a LAN protocol created in the mid-1970s. It is still sometimes seen on LISP stations and other hardware in the AI community, and zone data for it can be specified with the <CODE>chaos</CODE> class.</P> <H4>Options</H4> <DL> <DT><CODE>check-names</CODE> <DD> See <A HREF="options.html#NameChecking">Name Checking</A>. <DT><CODE>allow-query</CODE> <DD> See the description of <CODE>allow-query</CODE> in the <A HREF="options.html#AccessControl">Access Control</A> section. Note that this should in general be <I>more restrictive</I> than the similar global option of the same name; otherwise, confusing and nonworthwhile delegations will be returned. <DT><CODE>allow-update</CODE> <DD> Specifies which hosts are allowed to submit Dynamic DNS updates to the server. The default is to deny updates from all hosts. <DT><CODE>allow-transfer</CODE> <DD> See the description of <CODE>allow-transfer</CODE> in the <A HREF="options.html#AccessControl">Access Control</A> section. <DT><CODE>transfer-source</CODE> <DD> <CODE>transfer-source</CODE> determines which local address will be bound to the TCP connection used to fetch this zone. If not set, it defaults to a system controlled value which will usually be the address of the interface ``closest to'' the remote end. This address must appear in the remote end's <CODE>allow-transfer</CODE> option for this zone if one is specified. <DT><CODE>ixfr-base</CODE> <DD> <CODE>ixfr-base</CODE> specifies the file name used for IXFR transaction log file. <DT><CODE>max-transfer-time-in</CODE> <DD> See the description of <CODE>max-transfer-time-in</CODE> in the <A HREF="options.html#ZoneTransfers">Zone Transfers</A> section. <DT><CODE>dialup</CODE> <DD> See the description of <CODE>dialup</CODE> in the <A HREF="options.html#BooleanOptions">Boolean Options</A> section. <DT><CODE>notify</CODE> <DD> See the description of <CODE>notify</CODE> in the <A HREF="options.html#BooleanOptions">Boolean Options</A> section. <DT><CODE>also-notify</CODE> <DD> <CODE>also-notify</CODE> is only meaningful if <CODE>notify</CODE> is active for this zone. The set of machines that will receive a DNS NOTIFY message for this zone is made up of all the listed nameservers for the zone (other than the primary master) plus any IP addresses specified with <CODE>also-notify</CODE>. <CODE>also-notify</CODE> is not meaningful for <CODE>stub</CODE> zones. The default is the empty list. <DT><CODE>forward</CODE> <DD> <CODE>forward</CODE> is only meaningful if the zone has a <CODE>forwarders</CODE> list. The <CODE>only</CODE> value causes the lookup to fail after trying the <CODE>forwarders</CODE> and getting no answer, while <CODE>first</CODE> would allow a normal lookup to be tried. <DT><CODE>forwarders</CODE> <DD> The <CODE>forwarders</CODE> option in a zone is used to override the list of global forwarders. If it is not specified in a zone of type <CODE>forward</CODE>, <STRONG>no</STRONG> forwarding is done for the zone; the global options are not used. <DT><CODE>pubkey</CODE> <DD> A pubkey represents a public key for this zone. It is needed when this is the top level authoritative zone served by this server and there is no chain of trust to a <A HREF="trusted-keys.html">trusted key</A>. It is considered secure, so that data that it signs will be considered secure. The DNSSEC flags, protocol, and algorithm are specified, as well as a base-64 encoded string representing the key. </DL> <HR> <CENTER><P>[ <A HREF="config.html">BIND Config. File</A> | <A HREF="http://www.isc.org/products/BIND/">BIND Home</A> | <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER> <HR> <ADDRESS> Last Updated: $Id: zone.html,v 1.1.1.4 2002/11/18 22:26:21 bbraun Exp $ </ADDRESS> </BODY> </HTML>